Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

packagist Security Advisories

Loading...
High
GSA_kwCzR0hTQS13ajdxLWdqZzgtM2Nwbc4AA0Xq
league/oauth2-server key exposed in exception message when passing as a string and providing an invalid pass phrase
Ecosystems: packagist
Packages: league/oauth2-server
Source: GitHub Advisory Database
Blast Radius: 35.2
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS02cjVnLWNxNHEtMzI3Z84AA0Xo
Statamic's Antlers sanitizer cannot effectively sanitize malicious SVG
Ecosystems: packagist
Packages: statamic/cms
Source: GitHub Advisory Database
Blast Radius: 14.2
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS13Mng1LWhwbWctajk4aM4AA0TD
Artesãos SEOTools Open Redirect vulnerability
Ecosystems: packagist
Packages: artesaos/seotools
Source: GitHub Advisory Database
Blast Radius: 17.6
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS13amc4LXB4cWotYzNjN84AA0TB
Artesãos SEOTools Open Redirect vulnerability
Ecosystems: packagist
Packages: artesaos/seotools
Source: GitHub Advisory Database
Blast Radius: 17.6
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS13NzQ1LXhqcXgtN3dwOM4AA0TC
Artesãos SEOTools Open Redirect vulnerability
Ecosystems: packagist
Packages: artesaos/seotools
Source: GitHub Advisory Database
Blast Radius: 17.6
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS04Njk5LWg0NWctN2htOM4AA0SM
Concrete CMS Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 4.1
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS1xeGgzLWpndmgteDU1as4AA0OT
Connect-CMS Privilege Escalation Vulnerability
Ecosystems: packagist
Packages: opensource-workshop/connect-cms
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS1jZmg0LTd3cTktNnBnZ84AA0KK
WPGraphQL Plugin vulnerable to Server Side Request Forgery (SSRF)
Ecosystems: packagist
Packages: wp-graphql/wp-graphql
Source: GitHub Advisory Database
Blast Radius: 10.9
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS1mbXJmLXA3N2ctdnY1Y84AA0J4
MediaWiki Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: wikibase/wikibase
Source: GitHub Advisory Database
Blast Radius: 5.8
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS12NmcyLWp3cm0taDVyNc4AA0JZ
phpMyFAQ Cross-site Scripting
Ecosystems: packagist
Packages: thorsten/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 3.1
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS1naDY2LWZwN2otOTh2Nc4AA0IL
Shopware improper mail validation vulnerability
Ecosystems: packagist
Packages: shopware/shopware
Source: GitHub Advisory Database
Blast Radius: 8.8
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS1xOTdjLTJtaDMtcGd3Oc4AA0IK
Shopware dependency configuration exposed
Ecosystems: packagist
Packages: shopware/shopware
Source: GitHub Advisory Database
Blast Radius: 8.8
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS14M20yLTNwd2otOGZqNM4AA0Bx
Admidio Improper Access Control vulnerability
Ecosystems: packagist
Packages: admidio/admidio
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 11 months ago
High
GSA_kwCzR0hTQS1obTc1LTh3NmgtNGY4Zs4AA0B0
Admidio Improper Neutralization of Formula Elements in a CSV File vulnerability
Ecosystems: packagist
Packages: admidio/admidio
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 11 months ago
Low
GSA_kwCzR0hTQS12bXhnLXd4NmMtNGYzcs4AA0CZ
Admidio Improper Access Control vulnerability
Ecosystems: packagist
Packages: admidio/admidio
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 11 months ago
High
GSA_kwCzR0hTQS1oaHFtLWY0bTQtcHEzOc4AA0BE
RaspAP raspap-webgui Command Injection vulnerability
Ecosystems: packagist
Packages: billz/raspap-webgui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS00OW12LXZmY3AtOGdnOc4AA0AP
Moodle vulnerable to SQL Injection
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 8.9
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS1md2ZqLThwMzYtcmM2NM4AA0AN
Moodle vulnerable to Cross-site Scripting
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 8.6
Published: 11 months ago
High
GSA_kwCzR0hTQS14eHA0LW1mNGgtNmN3bc4AA0AO
Moodle vulnerable to Server Side Request Forgery
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: 11 months ago
Critical
GSA_kwCzR0hTQS01bTNtLXE4Y3EtNzdnNM4AAz_c
fuadmin vulnerable to insecure file upload
Ecosystems: packagist
Packages: funadmin/funadmin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 months ago
Critical
GSA_kwCzR0hTQS1xMmZwLWp3ODctODZweM4AAz-_
laravel-s vulnerable to Local File Inclusion
Ecosystems: packagist
Packages: hhxsv5/laravel-s
Source: GitHub Advisory Database
Blast Radius: 21.4
Published: 11 months ago
Critical
GSA_kwCzR0hTQS00N3A3LXhmY2MtNHB2Oc4AAz-X
php-imap vulnerable to RCE through a directory traversal vulnerability
Ecosystems: packagist
Packages: webklex/laravel-imap, webklex/php-imap
Source: GitHub Advisory Database
Blast Radius: 18.2
Published: 11 months ago
Critical
GSA_kwCzR0hTQS02dmYyLW1mbXItcXFxd84AAz9f
Liufee CMS File Upload vulnerability
Ecosystems: packagist
Packages: feehi/cms
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS1ncXI0LWN2ZjQtMzk1N84AAz9M
YiiCMS Cross Site Scripting vulnerability
Ecosystems: packagist
Packages: sheng/yiicms
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS03eHF4LXh3ZzktangzNM4AAz9J
NodCMS Cross Site Scripting vulnerability
Ecosystems: packagist
Packages: khodakhah/nodcms
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 months ago
High
GSA_kwCzR0hTQS00Y3czLXJocXgtdnF3cs4AAz9A
GilaCMS Cross Site Request Forgery vulnerability
Ecosystems: packagist
Packages: gilacms/gila
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 months ago
Critical
GSA_kwCzR0hTQS1xM3E1LXF2aDUtY213Nc4AAz9T
liufee CMS File Upload vulnerability
Ecosystems: packagist
Packages: feehi/cms
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS1tM3Y1LWdqajktcmcyNM4AAz9L
Craft CMS vulnerable to HTML injection
Ecosystems: packagist
Packages: craftcms/cms
Source: GitHub Advisory Database
Blast Radius: 21.0
Published: 11 months ago
High
GSA_kwCzR0hTQS13aHI3LW0zZjgtbXBtOM4AAz6E
Grav Server-side Template Injection (SSTI) via Twig Default Filters
Ecosystems: packagist
Packages: getgrav/grav
Source: GitHub Advisory Database
Blast Radius: 6.9
Published: 11 months ago
High
GSA_kwCzR0hTQS1qM3Y4LXY3N2YtZnZnbc4AAz6D
Grav Server-side Template Injection (SSTI) via Denylist Bypass Vulnerability
Ecosystems: packagist
Packages: getgrav/grav
Source: GitHub Advisory Database
Blast Radius: 6.9
Published: 11 months ago
High
GSA_kwCzR0hTQS05Nnh2LXJtd2otNnA5d84AAz6C
Grav Server-side Template Injection (SSTI) via Twig Default Filters
Ecosystems: packagist
Packages: getgrav/grav
Source: GitHub Advisory Database
Blast Radius: 6.9
Published: 11 months ago
Critical
GSA_kwCzR0hTQS1mOWpmLTRjcDQtNGZxNc4AAz6B
Grav Server Side Template Injection (SSTI) vulnerability
Ecosystems: packagist
Packages: getgrav/grav
Source: GitHub Advisory Database
Blast Radius: 8.7
Published: 11 months ago
High
GSA_kwCzR0hTQS00eGYyLTdxZnYtbWdmeM4AAz5z
ipandlanguageredirect extension vulnerable to SQL Injection
Ecosystems: packagist
Packages: in2code/ipandlanguageredirect
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS1mNG02LXgyeGotamM3d84AAz50
ke_search (aka Faceted Search) vulnerable to Cross-Site Scripting
Ecosystems: packagist
Packages: tpwd/ke_search
Source: GitHub Advisory Database
Blast Radius: 5.3
Published: 11 months ago
High
GSA_kwCzR0hTQS13bTVnLXA5OXEtNjZnNM4AAz3C
elFinder vulnerable to path traversal in LocalVolumeDriver connector
Ecosystems: packagist
Packages: studio-42/elfinder
Source: GitHub Advisory Database
Blast Radius: 23.5
Published: 11 months ago
High
GSA_kwCzR0hTQS1mcHZnLW03ODYtaDV2cs4AAz0h
Dolibarr vulnerable to unauthenticated database access
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 5.8
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS1qcjY2LTlnaGYtNmdwM84AAzxm
Froxlor Session Fixation vulnerability
Ecosystems: packagist
Packages: froxlor/froxlor
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS1wN3htLWc0MjctanhmY84AAzxk
Teampass Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: nilsteampassnet/teampass
Source: GitHub Advisory Database
Blast Radius: 2.8
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS1xbXc4LXgzNjQteHh4bc4AAzxl
Teampass Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: nilsteampassnet/teampass
Source: GitHub Advisory Database
Blast Radius: 3.3
Published: 11 months ago
High
GSA_kwCzR0hTQS1naHFxLWpmeDctZjZtOc4AAzvu
Froxlor vulnerable to Path Traversal
Ecosystems: packagist
Packages: froxlor/froxlor
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 12 months ago
Critical
GSA_kwCzR0hTQS1jaHc0LTg4eGMtNzl3Ns4AAzvv
Froxlor vulnerable to Improper Restriction of Excessive Authentication Attempts
Ecosystems: packagist
Packages: froxlor/froxlor
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS1mcWN2LXJmcDYtd3Y5Ms4AAzuV
Microweber Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 3.8
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS00NmczLWY5cjgteGo0ds4AAzpL
Pimcore vulnerable to Pre-Auth Path Traversal in pimcore_log parameter
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 15.7
Published: 12 months ago
High
GSA_kwCzR0hTQS1oODdyLWY0dmMtbWNods4AAzpK
PocketMine-MP vulnerable to improperly checked dropped item count leading to server crash
Ecosystems: packagist
Packages: pocketmine/pocketmine-mp
Source: GitHub Advisory Database
Blast Radius: 15.6
Published: 12 months ago
High
GSA_kwCzR0hTQS1wcXAzLThycnctZzh2bc4AAzpJ
PocketMine-MP vulnerable to server crash with certain invalid JSON payloads in `LoginPacket` due to vulnerable dependency
Ecosystems: packagist
Packages: pocketmine/pocketmine-mp
Source: GitHub Advisory Database
Blast Radius: 15.6
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS1tNG12LXJtcjctaDVmNc4AAzpI
Pimcore Privilege Defined With Unsafe Actions vulnerability
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 16.2
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS1neDRyLWZ2d2ctODY3OM4AAzos
Admidio vulnerable to Cross-site Scripting
Ecosystems: packagist
Packages: admidio/admidio
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS1nM2pyLTZ2ajQtM3g4Ms4AAzn0
TeamPass vulnerable to Improper Access Control
Ecosystems: packagist
Packages: nilsteampassnet/teampass
Source: GitHub Advisory Database
Blast Radius: 3.9
Published: 12 months ago
Critical
GSA_kwCzR0hTQS1qMjQ1LXYybWgtNWg2Zs4AAznw
TeamPass vulnerable to stored Cross-site Scripting
Ecosystems: packagist
Packages: nilsteampassnet/teampass
Source: GitHub Advisory Database
Blast Radius: 5.5
Published: 12 months ago
High
GSA_kwCzR0hTQS04dm04LTM4cGMtOHhoaM4AAznu
TeamPass vulnerable to stored Cross-site Scripting
Ecosystems: packagist
Packages: nilsteampassnet/teampass
Source: GitHub Advisory Database
Blast Radius: 4.9
Published: 12 months ago
High
GSA_kwCzR0hTQS1jNmZ2LTNqbTktNnI4Zs4AAznt
TeamPass vulnerable to stored Cross-site Scripting
Ecosystems: packagist
Packages: nilsteampassnet/teampass
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS00MnFtLTh2OG0tbTc4Y84AAzlJ
PocketMine MP vulnerable to uncontrolled resource consumption via mismatched type of 'InventoryTransactionPacket'
Ecosystems: packagist
Packages: pocketmine/pocketmine-mp
Source: GitHub Advisory Database
Blast Radius: 11.0
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS1wNzR2LW13dmctOGdocM4AAzjR
Dcat-Admin vulnerable to Stored Cross-site Scripting
Ecosystems: packagist
Packages: dcat/laravel-admin
Source: GitHub Advisory Database
Blast Radius: 13.0
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS1oNWc5LTJwMzUtNTRjN84AAzjW
nilsteampassnet/teampass vulnerable to cross-site scripting
Ecosystems: packagist
Packages: nilsteampassnet/teampass
Source: GitHub Advisory Database
Blast Radius: 3.3
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS05NHI3LTYzZzgtYzRqd84AAziq
thorsten/phpmyfaq vulnerable to cross-site scripting
Ecosystems: packagist
Packages: thorsten/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 4.0
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS05NzRxLTR2dnItdmc5Y84AAzit
thorsten/phpmyfaq vulnerable to cross-site scripting
Ecosystems: packagist
Packages: thorsten/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 3.6
Published: 12 months ago
High
GSA_kwCzR0hTQS05d3FyLTVqcDQtbWptaM4AAzgy
Dolibarr vulnerable to remote code execution via uppercase manipulation
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS03eDk0LWp4NzUtM2doNs4AAzfU
Stored cross site scripting in Craft CMS
Ecosystems: packagist
Packages: craftcms/cms
Source: GitHub Advisory Database
Blast Radius: 18.6
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS02cWp4LTc4N3YtNnB4cs4AAze0
Craft CMS stored XSS in indexedVolumes
Ecosystems: packagist
Packages: craftcms/cms
Source: GitHub Advisory Database
Blast Radius: 18.9
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS1jam1tLXg5eDktbTJ3Nc4AAzez
Craft CMS stored XSS in review volume
Ecosystems: packagist
Packages: craftcms/cms
Source: GitHub Advisory Database
Blast Radius: 18.9
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS1xcGdtLWdqZ2YtOGMyeM4AAzey
Craft CMS XSS in RSS widget feed
Ecosystems: packagist
Packages: craftcms/cms
Source: GitHub Advisory Database
Blast Radius: 21.0
Published: 12 months ago
Low
GSA_kwCzR0hTQS0zd3hnLXc5NmotOGhxOc4AAzex
CraftCMS stored XSS in Quick Post widget error message
Ecosystems: packagist
Packages: craftcms/cms
Source: GitHub Advisory Database
Blast Radius: 12.7
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS1qNjVyLWc3cTItZjh2M84AAzeX
Pimcore customers' list user password hash is disclosed
Ecosystems: packagist
Packages: pimcore/customer-management-framework-bundle
Source: GitHub Advisory Database
Blast Radius: 7.7
Published: 12 months ago
High
GSA_kwCzR0hTQS1oNmpoLWNmODMtcWNxNc4AAzc1
Code injection in nilsteampassnet/teampass
Ecosystems: packagist
Packages: nilsteampassnet/teampass
Source: GitHub Advisory Database
Blast Radius: 4.3
Published: 12 months ago
High
GSA_kwCzR0hTQS12cXhmLXI5cGgtY2M5Y84AAzbH
Craft CMS vulnerable to Remote Code Execution via unrestricted file extension
Ecosystems: packagist
Packages: craftcms/cms
Source: GitHub Advisory Database
Blast Radius: 24.8
Published: 12 months ago
Critical
GSA_kwCzR0hTQS1tNm04LTZncTgtYzlmas4AAzbB
Remote Code Execution Vulnerability in Validation Placeholders in CodeIgniter4
Ecosystems: packagist
Packages: codeigniter4/framework
Source: GitHub Advisory Database
Blast Radius: 32.7
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS00Z205LWM5anEtZzUyM84AAzaE
Froxlor vulnerable to Allocation of Resources Without Limits or Throttling
Ecosystems: packagist
Packages: froxlor/froxlor
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 1 year ago
High
GSA_kwCzR0hTQS0zNmNtLWg4Z3YtbWc5N84AAzaA
RosarioSIS Stores Sensitive Data in a Mechanism without Access Control
Ecosystems: packagist
Packages: francoisjacquet/rosariosis
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 1 year ago
Moderate
GSA_kwCzR0hTQS1oNTM4LXI5eDYtcmNtY84AAzYj
LavaLite vulnerable to Cross Site Scripting
Ecosystems: packagist
Packages: lavalite/cms
Source: GitHub Advisory Database
Blast Radius: 3.3
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS05NXg0LWo3dmMtaDhtZs4AAzYH
ReactPHP's HTTP server continues parsing unused multipart parts after reaching input field and file upload limits
Ecosystems: packagist
Packages: react/http
Source: GitHub Advisory Database
Blast Radius: 17.5
Published: about 1 year ago
High
GSA_kwCzR0hTQS0yNWZ4LTNjMnEtY3E0Ns4AAzYF
pimcore/customer-management-framework-bundle has SQL Injection vulnerability in Segment Assignment query
Ecosystems: packagist
Packages: pimcore/customer-management-framework-bundle
Source: GitHub Advisory Database
Blast Radius: 8.3
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1qNjU3LXBqZ2MtYzRoNs4AAzXy
phpMyFAQ vulnerable to stored Cross-site Scripting
Ecosystems: packagist
Packages: thorsten/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 3.3
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS12cHBxLTZmZjgtMm04d84AAzX1
phpMyFAQ vulnerable to stored Cross-site Scripting
Ecosystems: packagist
Packages: thorsten/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 3.3
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS13MnBtLWZyNjItamd2NM4AAzXb
Moodle vulnerable to stored Cross-site Scripting
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 7.6
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1xM3A0LXYyY20tcTk0Nc4AAzWk
Pimcore Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 13.4
Published: about 1 year ago
High
GSA_kwCzR0hTQS0ybWhoLTI3djctM3ZjeM4AAzUE
WWBN AVideo command injection vulnerability
Ecosystems: packagist
Packages: wwbn/avideo
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS1mang1LXhtN3Etd2h2as4AAzTe
CraftCMS allows remote attacker to execute arbitrary code via crafted script to Section parameter
Ecosystems: packagist
Packages: craftcms/cms
Source: GitHub Advisory Database
Blast Radius: 30.3
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS05NHE0LXY1ZzYtcXA3eM4AAzTc
LavaLite CMS vulnerable to host header injection attack
Ecosystems: packagist
Packages: lavalite/cms
Source: GitHub Advisory Database
Blast Radius: 3.7
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS02dmNmLWNmanAtcXhjd84AAzTg
LavaLite vulnerable to web cache poisoning
Ecosystems: packagist
Packages: lavalite/cms
Source: GitHub Advisory Database
Blast Radius: 5.9
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS13NzY2LTM1NzItZjJods4AAzSl
Pimcore Cross-site Scripting (XSS) vulnerability in Admin Translations
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 11.9
Published: about 1 year ago
High
GSA_kwCzR0hTQS1tcTN4LXFnd3gtM3Jmd84AAzSk
Embedding untrusted input inside CSV files leads to Formula Injection/CSV Injection
Ecosystems: packagist
Packages: pimcore/customer-management-framework-bundle
Source: GitHub Advisory Database
Blast Radius: 8.9
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1taHBqLTdtN2gtOHA2eM4AAzSc
Pimcore Cross-site Scripting (XSS) in Static Routes name field
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 16.9
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS14OTlqLXI4dnYtZ3d3as4AAzSL
Pimcore vulnerable to Business Logic Errors via Customer automation rules
Ecosystems: packagist
Packages: pimcore/customer-management-framework-bundle
Source: GitHub Advisory Database
Blast Radius: 4.9
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1tNm05LWdyODUtNzl2bc4AAzRH
Pimcore Cross-site Scripting (XSS) in name field of Custom Reports
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1xN2NjLW02anctbTI2Ms4AAzRG
Pimcore Cross-site Scripting (XSS) in Predefined Properties delete
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 16.9
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1yM2ZnLTNyODgtNngzZs4AAzRF
Ibexa User Settings are accessible on the front-end for anonymous user
Ecosystems: packagist
Packages: ibexa/user
Source: GitHub Advisory Database
Blast Radius: 4.2
Published: about 1 year ago
High
GSA_kwCzR0hTQS1wcmo1LTJnMnAteDJtd84AAzLd
teampass vulnerable to code injection
Ecosystems: packagist
Packages: nilsteampassnet/teampass
Source: GitHub Advisory Database
Blast Radius: 4.3
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1qNG14LTk4aHctNnJ2Ns4AAzGz
craftcms/cms vulnerable to cross site scripting in RSS feed widget
Ecosystems: packagist
Packages: craftcms/cms
Source: GitHub Advisory Database
Blast Radius: 21.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS01bWY3LXAzNDYtN3JtOM4AAzGq
Cross Site Scripting in thorsten/phpmyfaq
Ecosystems: packagist
Packages: thorsten/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 4.9
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS01eHEzLTdtdzktd2o1cM4AAzGo
Cross Site Scripting in thorsten/phpmyfaq
Ecosystems: packagist
Packages: thorsten/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 3.7
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS0yZmZwLXc2NjUtOW1neM4AAzGt
Cross Site Scripting in nilsteampassnet/teampass
Ecosystems: packagist
Packages: nilsteampassnet/teampass
Source: GitHub Advisory Database
Blast Radius: 3.3
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS00bTd2LXdyNnYtMm13Nc4AAzGP
AzuraCast missing brute force prevention
Ecosystems: packagist
Packages: azuracast/azuracast
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS0yMmdqLThxajItZmo0Ns4AAzEK
Moodle External Control of File Name or Path vulnerability
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: about 1 year ago
High
GSA_kwCzR0hTQS03bW1jLTIyZzctM3hxMs4AAzD9
Moodle SQL Injection vulnerability
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 10.3
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1mOGhwLWdybXItcHA3as4AAzD5
RosarioSIS vulnerable to CSV Injection
Ecosystems: packagist
Packages: francoisjacquet/rosariosis
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1nMm1jLWZxcWMtaHhnM84AAzD1
Pimcore Path Traversal Vulnerability in AdminBundle/Controller/Reports/CustomReportController.php
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 16.2
Published: about 1 year ago
High
GSA_kwCzR0hTQS14cjloLXAycmMtcnBxbc4AAzC_
WWBN/AVideo stored XSS vulnerability leads to takeover of any user's account, including admin's account
Ecosystems: packagist
Packages: wwbn/avideo
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS05eGc2LTc1bWgtN3gzZs4AAzCi
Cross-site Scripting (XSS) in pimcore
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 13.4
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1yNjl2LXE0OGctMzk2Ns4AAzCX
phpMyFAQ Improper Access Control vulnerability
Ecosystems: packagist
Packages: thorsten/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 4.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS04NTk1LTY2NTMtOTZwMs4AAzCW
phpMyFAQ vulnerable to Stored Cross-site Scripting
Ecosystems: packagist
Packages: thorsten/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 3.7
Published: about 1 year ago
Statistics
Advisories: 18,774
Packages: 8,381
Repositories: 634
Ecosystems: 12
Filter by Severity
Moderate 8,161 High 6,452 Critical 2,849 Low 1,017
Filter by Ecosystem
maven 5,573 packagist 4,003 pypi 3,848 npm 3,557 go 1,935 nuget 1,421 rubygems 815 cargo 780 swift 31 hex 30 actions 16 pub 8
Filter by Package
moodle/moodle 323 magento/community-edition 203 pimcore/pimcore 116 dolibarr/dolibarr 107 typo3/cms 102 phpmyadmin/phpmyadmin 92 microweber/microweber 91 drupal/core 90 typo3/cms-core 77 drupal/drupal 75 thorsten/phpmyfaq 70 librenms/librenms 54 symfony/symfony 53 concrete5/concrete5 52 shopware/platform 48 baserproject/basercms 43 intelliants/subrion 40 showdoc/showdoc 40 craftcms/cms 40 nilsteampassnet/teampass 37 froxlor/froxlor 37 shopware/core 36 silverstripe/framework 32 snipe/snipe-it 32 mautic/core 30 getgrav/grav 29 centreon/centreon 27 shopware/shopware 27 prestashop/prestashop 26 magento/core 24 pocketmine/pocketmine-mp 23 remdex/livehelperchat 23 mediawiki/core 23 getkirby/cms 22 grumpydictator/firefly-iii 22 contao/core-bundle 21 tribalsystems/zenario 20 laravel/framework 19 contao/contao 18 forkcms/forkcms 18 cockpit-hq/cockpit 18 simplesamlphp/simplesamlphp 18 topthink/framework 17 cakephp/cakephp 17 symfony/security 17 francoisjacquet/rosariosis 17 ezsystems/ezpublish-kernel 17 genix/cms 17 yetiforce/yetiforce-crm 16 openmage/magento-lts 15 phpmailer/phpmailer 14 zendframework/zendframework1 14 typo3/cms-backend 14 ec-cube/ec-cube 14 symfony/security-http 14 smarty/smarty 14 codeigniter4/framework 13 bolt/bolt 13 elefant/cms 13 lavalite/cms 13 impresscms/impresscms 13 october/system 13 sylius/sylius 12 dompdf/dompdf 12 phpbb/phpbb 12 phpmyfaq/phpmyfaq 12 studio-42/elfinder 12 feehi/feehicms 11 silverstripe/cms 11 zendframework/zendframework 11 feehi/cms 11 ezsystems/ezplatform-kernel 11 opencart/opencart 10 ezsystems/ezpublish-legacy 10 wwbn/avideo 10 pimcore/admin-ui-classic-bundle 10 admidio/admidio 10 pagekit/pagekit 10 nukeviet/nukeviet 10 wallabag/wallabag 10 kevinpapst/kimai2 9 TinyMCE 9 contao/core 9 funadmin/funadmin 9 ssddanbrown/bookstack 9 tinymce/tinymce 9 october/october 9 tinymce 9 concrete5/core 9 alextselegidis/easyappointments 9 yiisoft/yii2 8 october/cms 8 croogo/croogo 8 facturascripts/facturascripts 8 gilacms/gila 8 pimcore/customer-management-framework-bundle 8 sulu/sulu 8 codiad/codiad 8 flarum/core 7 wpglobus/wpglobus 7 ezsystems/ezplatform-admin-ui 7 mantisbt/mantisbt 7 silverstripe/admin 7 silverstripe/graphql 7 october/backend 7 symfony/http-foundation 7 statamic/cms 7 pterodactyl/panel 7 yiisoft/yii2-dev 6 directmailteam/direct-mail 6 yourls/yourls 6 gleez/cms 6 bagisto/bagisto 6 dweeves/magmi 6 guzzlehttp/guzzle 6 in2code/femanager 6 symfony/http-kernel 6 composer/composer 6 nystudio107/craft-seomatic 6 zoujingli/thinkadmin 6 backdrop/backdrop 6 thinkcmf/thinkcmf 5 silverstripe/assets 5 simplesamlphp/saml2 5 cachethq/cachet 5 automad/automad 5 phpxmlrpc/phpxmlrpc 5 neos/flow 5 billz/raspap-webgui 5 typo3/cms-install 5 elgg/elgg 5 phpseclib/phpseclib 5 neos/neos 5 illuminate/database 5 vrana/adminer 5 symfony/security-core 5 anchorcms/anchor-cms 5 codeigniter/framework 5 pear/archive_tar 5 oro/platform 5 bottelet/flarepoint 5 gugoan/economizzer 5 ibexa/core 5 symfony/security-bundle 4 modx/revolution 4 typo3/html-sanitizer 4 ezsystems/ezplatform 4 oro/commerce 4 phpservermon/phpservermon 4 notrinos/notrinos-erp 4 codeigniter4/shield 4 bref/bref 4 wp-premium/gravityforms 4 idno/known 4 wintercms/winter 4 typo3/cms-frontend 4 kimai/kimai 4 woocommerce/woocommerce 4 appwrite/server-ce 4 magento/product-community-edition 4 friendsofsymfony/user-bundle 4 pyrocms/pyrocms 4 bytefury/crater 4 evolutioncms/evolution 4 spatie/browsershot 4 adodb/adodb-php 4 shopware/storefront 4 sylius/resource-bundle 3 symfony/form 3 amphp/http-client 3 uvdesk/community-skeleton 3 enhavo/enhavo-app 3 zendframework/zendservice-amazon 3 pixelfed/pixelfed 3 zendframework/zendservice-api 3 facade/ignition 3 joomla/joomla-cms 3 twig/twig 3 phenx/php-svg-lib 3 shopxo/shopxo 3 doctrine/orm 3 yiisoft/yii 3 joomla/framework 3 quickapps/cms 3 reportico-web/reportico 3 qcubed/qcubed 3 phpoffice/phpspreadsheet 3 rudloff/alltube 3 ckeditor4 3 verbb/comments 3 icecoder/icecoder 3 typo3/cms-form 3 zencart/zencart 3 processwire/processwire 3 froala/wysiwyg-editor 3 buddypress/buddypress 3 illuminate/auth 3 limesurvey/limesurvey 3 bbpress/bbpress 3 zendframework/zendopenid 3
Filter by Repository
https://github.com/moodle/moodle 210 https://github.com/pimcore/pimcore 111 https://github.com/microweber/microweber 85 https://github.com/thorsten/phpmyfaq 69 https://github.com/Dolibarr/dolibarr 55 https://github.com/symfony/symfony 47 https://github.com/TYPO3/typo3 46 https://github.com/librenms/librenms 46 https://github.com/shopware/platform 43 https://github.com/phpmyadmin/phpmyadmin 38 https://github.com/star7th/showdoc 38 https://github.com/concretecms/concretecms 34 https://github.com/octobercms/october 33 https://github.com/magento/magento2 31 https://github.com/craftcms/cms 29 https://github.com/mautic/mautic 28 https://github.com/snipe/snipe-it 28 https://github.com/froxlor/froxlor 26 https://github.com/shopware/shopware 24 https://github.com/getgrav/grav 24 https://github.com/TYPO3/TYPO3.CMS 24 https://github.com/livehelperchat/livehelperchat 23 https://github.com/pmmp/PocketMine-MP 23 https://github.com/PrestaShop/PrestaShop 22 https://github.com/firefly-iii/firefly-iii 22 https://github.com/baserproject/basercms 22 https://github.com/contao/contao 22 https://github.com/intelliants/subrion 19 https://github.com/nilsteampassnet/teampass 19 https://github.com/nilsteampassnet/TeamPass 18 https://github.com/getkirby/kirby 18 https://github.com/liufee/cms 17 https://github.com/yetiforcecompany/yetiforcecrm 16 https://github.com/forkcms/forkcms 16 https://github.com/OpenMage/magento-lts 15 https://github.com/simplesamlphp/simplesamlphp 15 https://github.com/centreon/centreon 15 https://github.com/laravel/framework 15 https://github.com/cockpit-hq/cockpit 14 https://github.com/PHPMailer/PHPMailer 14 https://github.com/silverstripe/silverstripe-framework 13 https://github.com/dompdf/dompdf 13 https://github.com/centreon/centreon-archived 12 https://github.com/top-think/framework 11 https://github.com/thorsten/phpMyFAQ 11 https://github.com/ezsystems/ezpublish-kernel 11 https://github.com/cakephp/cakephp 11 https://github.com/drupal/core 11 https://github.com/Studio-42/elFinder 11 https://github.com/smarty-php/smarty 11 https://github.com/codeigniter4/CodeIgniter4 10 https://github.com/WWBN/AVideo 10 https://github.com/pimcore/admin-ui-classic-bundle 10 https://github.com/dolibarr/dolibarr 10 https://github.com/Sylius/Sylius 10 https://github.com/semplon/GeniXCMS 9 https://github.com/bolt/bolt 9 https://github.com/yiisoft/yii2 9 https://github.com/neorazorx/facturascripts 9 https://github.com/kevinpapst/kimai2 9 https://github.com/funadmin/funadmin 9 https://github.com/alextselegidis/easyappointments 9 https://github.com/LavaLite/cms 9 https://github.com/tinymce/tinymce 9 https://github.com/francoisjacquet/rosariosis 8 https://github.com/GilaCMS/gila 8 https://github.com/wallabag/wallabag 8 https://github.com/sulu/sulu 8 https://github.com/TribalSystems/Zenario 8 https://github.com/admidio/admidio 8 https://github.com/Froxlor/Froxlor 8 https://github.com/pimcore/customer-data-framework 8 https://github.com/ezsystems/ezplatform-kernel 7 https://github.com/pterodactyl/panel 7 https://github.com/d4wner/Vulnerabilities-Report 7 https://github.com/croogo/croogo 7 https://github.com/flarum/framework 7 https://github.com/mantisbt/mantisbt 7 https://github.com/pagekit/pagekit 7 https://github.com/Codiad/Codiad 7 https://github.com/bookstackapp/bookstack 6 https://github.com/ImpressCMS/impresscms 6 https://github.com/wintercms/winter 6 https://github.com/guzzle/guzzle 6 https://github.com/statamic/cms 6 https://github.com/nystudio107/craft-seomatic 6 https://github.com/oroinc/orocommerce 6 https://gitlab.com/francoisjacquet/rosariosis 6 https://github.com/ezsystems/ezpublish-legacy 6 https://github.com/gleez/cms 6 https://sourceforge.net/projects/phpmyadmin.sourceforge.net 5 https://github.com/composer/composer 5 https://github.com/nukeviet/nukeviet 5 https://github.com/jbroadway/elefant 5 https://github.com/pear/Archive_Tar 5 https://github.com/contao/core 5 https://github.com/dub-flow/vulnerability-research 5 https://github.com/ibexa/core 5 https://github.com/vrana/adminer 5 https://github.com/Bottelet/DaybydayCRM 5 https://github.com/silverstripe/silverstripe-graphql 5 https://github.com/RaspAP/raspap-webgui 5 https://github.com/phpseclib/phpseclib 5 https://github.com/zendframework/zf1 5 https://github.com/gggeek/phpxmlrpc 5 https://github.com/thinkcmf/thinkcmf 5 https://github.com/codeigniter4/shield 4 https://github.com/ezsystems/ezplatform-admin-ui 4 https://github.com/ADOdb/ADOdb 4 https://github.com/spatie/browsershot 4 https://github.com/opencart/opencart 4 https://github.com/ezsystems/ezplatform 4 https://github.com/oroinc/platform 4 https://github.com/yourls/yourls 4 https://github.com/screetsec/VDD 4 https://github.com/kimai/kimai 4 https://github.com/crater-invoice/crater 4 https://github.com/hieuminhnv/Zenario-CMS-last-version 4 https://github.com/fiveai/Cachet 4 https://github.com/phpservermon/phpservermon 4 https://github.com/zoujingli/ThinkAdmin 4 https://github.com/silverstripe/silverstripe-admin 4 https://github.com/LimeSurvey/LimeSurvey 4 https://github.com/brefphp/bref 4 https://github.com/appwrite/appwrite 4 https://github.com/backdrop/backdrop 4 https://github.com/bagisto/bagisto 4 https://github.com/TYPO3/html-sanitizer 4 https://github.com/PrestaShop/productcomments 3 https://github.com/elgg/elgg 3 https://github.com/qcubed/qcubed 3 https://github.com/quickapps/cms 3 https://github.com/belong2yourself/vulnerabilities 3 https://github.com/guzzle/psr7 3 https://github.com/reportico-web/reportico 3 https://github.com/Rudloff/alltube 3 https://github.com/modxcms/revolution 3 https://github.com/dd3x3r/enhavo 3 https://github.com/darylldoyle/svg-sanitizer 3 https://github.com/BookStackApp/BookStack 3 https://github.com/zendframework/zendframework 3 https://github.com/in2code-de/femanager 3 https://github.com/pixelfed/pixelfed 3 https://github.com/twigphp/Twig 3 https://github.com/facade/ignition 3 https://github.com/TYPO3-Solr/ext-solr 3 https://github.com/flarum/core 3 https://github.com/notrinos/notrinoserp 3 https://github.com/uvdesk/community-skeleton 3 https://github.com/verbb/comments 3 https://github.com/oroinc/crm 3 https://github.com/FriendsOfSymfony/FOSUserBundle 3 https://github.com/Athlon1600/php-proxy-app 3 https://github.com/artesaos/seotools 3 https://github.com/Sylius/SyliusResourceBundle 3 https://github.com/liufee/feehicms 3 https://github.com/idno/known 3 https://github.com/concrete5/concrete5 3 https://github.com/TYPO3/phar-stream-wrapper 2 https://github.com/cecilapp/cecil 2 https://github.com/PHPSocialNetwork/phpfastcache 2 https://github.com/filegator/filegator 2 https://github.com/TYPO3/Fluid 2 https://github.com/squizlabs/PHP_CodeSniffer 2 https://github.com/CCCCCrash/POCs 2 https://github.com/ezsystems/repository-forms 2 https://github.com/amphp/http-client 2 https://github.com/laminas/laminas-diactoros 2 https://github.com/woocommerce/woocommerce 2 https://github.com/tpwd/ke_search 2 https://github.com/top-think/thinkphp 2 https://github.com/ezsystems/ezplatform-rest 2 https://github.com/laravel/socialite 2 https://github.com/PrestaShop/blockreassurance 2 https://github.com/api-platform/core 2 https://github.com/bcit-ci/CodeIgniter 2 https://github.com/anchorcms/anchor-cms 2 https://github.com/ethercreative/logs 2 https://github.com/mustgundogdu/Research 2 https://github.com/PrivateBin/PrivateBin 2 https://github.com/munkireport/munkireport-php 2 https://github.com/apereo/phpCAS 2 https://github.com/wp-graphql/wp-graphql 2 https://github.com/livewire/livewire 2 https://github.com/onelogin/php-saml 2 https://github.com/verbb/knock-knock 2 https://github.com/icecoder/ICEcoder 2 https://github.com/nu11secur1ty/CVE-nu11secur1ty 2 https://github.com/FriendsOfSymfony1/symfony1 2 https://github.com/orchidsoftware/platform 2 https://github.com/ckeditor/ckeditor4 2 https://github.com/verbb/image-resizer 2 https://github.com/fuel/core 2 https://github.com/packbackbooks/lti-1-3-php-library 2 https://github.com/paragonie/phpecc 2 https://github.com/aws/aws-sdk-php 2 https://github.com/passbolt/passbolt_api 2 https://github.com/azuracast/azuracast 2 https://github.com/joomla/joomla-cms 2